# Exploit Title: crea8social 1.3 Stored XSS Vulnerability# Date: 24-10-2014# Exploit Author: Halil Dalabasmaz# Version: v1.3# Vendor Homepage: http://codecanyon.net/item/crea8social-php-social-networking-platform-v13/9211270# Tested on: Chrome & Iceweasel# Vulnerability Description:===Stored XSS===
Create a page from"Pages"(/pages) section."Page Website"inputisnot secure. You can run XSS payloads on "Page Website"input.
Sample Payload for Stored XSS: http://example.com/">[xssPayload]=Solution=
Filter the input field against to XSS attacks.================
